mitch_hiller
asked on
Setup of DNS on Win2003 Server
We just set up a 2003 server network with 2 servers. The DC is 192.0.0.20 and the other server is 192.0.0.21. We set up DNS forwarding on both servers using the wizard to point to our ISP's DNS server.
On each workstation in the network we put .20 as the primary DNS server and .21 as the secondary.
We thought it was working. But we noticed that some computers could only see certain websites.
We found that if we started to switch them around, meaning 21 as primary and 20 as secondary that it would usually solve the problem. But the problem seems to always come back eventually.
Today we even had a computer that could not find www.mysite.com but could find mysite.com
Any thoughts on what we might be doing wrong?
ASKER
We are in the process of getting rid of DHCP altogether and having static IPs. We were using the router for DHCP and the server for DNS forwarding.
Do you think turning off DHCP is good enough or would you recommend using DHCP but doing it from the server?
ASKER CERTIFIED SOLUTION
ASKER
I am still a bit confused.
You say I should point .20 to itself, and that is fine and actually how I have it. You say to point .21 to 20. Currently I have .21 pointing to itself but I will change it to .20.
But then you say get rid of the DNS forwarder. So you're saying that I should have everyone point to my server, .20, for DNS, and then I should not configure my server to do any DNS?
I am confused by this but am willing to try anything at this point.
Mitch
I used to have my secondary pointing to itself too, but I was on the phone with Microsoft 1 day troubleshooting a rather nasty Active Directory problem and we got into DNS. The gurus there said to pick 1 as the main DNS server and point the others to it, including the other DNS servers. They said that it can avoid problems if the secondary server is not as fully up to date as the primary one.
Yes, you have everyone point to the .20, your primary DNS server. When a workstation wants an address resolved, it will query your internal DNS server first. If it is on the internal network, it will return an address. If it is in the server's cache, it will return an address. If it is not, then the server will query the Internet root servers, get the information, put it in its cache and return that information to the workstation.
What forwarders do is make that server query the ISP's DNS servers and then they query the Internet Root Servers. The ISP's servers get the most benefits from caching, however if they go down or are busy, etc., none of your external DNS will work until they respond. MS designed it so that DNS Servers servicing domains will go to the all knowing root servers for their answers.
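The symptom in the question (one server resolving www.mysite.com while the other does not, and the problem moving around when primary and secondary are swapped) is easiest to pin down by querying each DNS server directly for the same names and comparing the answers, rather than relying on whatever the workstation's resolver happens to pick. The following is an added example, not code from this thread or from Microsoft: a stdlib-only Python checker that builds a plain recursive A query, parses the reply (including name-compression pointers), and reports any name on which the two servers disagree or time out. The server addresses 192.0.0.20 and 192.0.0.21 and the names come from the question; the sample reply bytes at the bottom are constructed for offline testing and do not come from a real server.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard recursive DNS query (default QTYPE 1 = A, QCLASS 1 = IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 0x0100 = RD bit set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def _read_name(msg, off, max_hops=16):
    """Decode a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, 14-bit offset
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg):
    """Return (rcode, tuple of A records) from a raw DNS reply."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN, 2 = SERVFAIL
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return rcode, tuple(sorted(addrs))

def query(server, name, timeout=3.0):
    """Send one UDP query straight to `server`; ('timeout', ()) if it does not answer."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return "timeout", ()
    finally:
        sock.close()
    return parse_response(data)

def compare_servers(servers, names, lookup=query):
    """Query every name on every server; return (results, names where servers disagree)."""
    results, inconsistent = {}, []
    for name in names:
        per_server = {srv: lookup(srv, name) for srv in servers}
        results[name] = per_server
        if len(set(per_server.values())) > 1:
            inconsistent.append(name)
    return results, inconsistent

# Constructed sample reply: NOERROR, one A record for mysite.com -> 203.0.113.10,
# with the answer name given as a compression pointer (0xC00C) back to the question.
SAMPLE_OK = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
             + b"\x06mysite\x03com\x00\x00\x01\x00\x01"
             + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xcb\x00\x71\x0a")
# Constructed NXDOMAIN reply (rcode 3) for www.mysite.com with no answers.
SAMPLE_NX = (struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)
             + b"\x03www\x06mysite\x03com\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    servers = ["192.0.0.20", "192.0.0.21"]            # the two servers from the question
    names = ["mysite.com", "www.mysite.com"]          # the names that behaved differently
    results, bad = compare_servers(servers, names)
    for name, per_server in results.items():
        print(name, per_server)
    print("inconsistent:", bad)
```

Run it from a workstation on the LAN; a name that appears in the `inconsistent` list is one where the two servers' caches, forwarder state or reachability differ, which is exactly the condition that swapping primary and secondary would appear to "fix". The `lookup` parameter exists so the comparison logic can be exercised with canned answers (as in the offline check below) without a network.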
Use the Primary Server for DHCP, you can assign static IPs from there as well, in other words the machines with certain MAC addresses will always have the same static IP address. I did this with my Sonicwall firewall before and it worked fine, especially if you want to use Remote Desktop Connection. The way I see it once again is that Microsoft wants you to use their DHCP and DNS on the same server and assign it to all stations and secondary servers.
1. So use DHCP from server and assign static IPs according to MAC address
2. Your DNS should be the IP of the Primary Domain Controller, your main server (you can put two network cards for better performance, one for the Internet and one for the DHCP and DNS)
3. Use your Firewall to connect to your ISP, I suggest Sonicwall if you can afford it, a 2040 should do just fine and will even take 2 different ISPs in case one fails the other one kicks in.
How is your Exchange? Go through the Event Log and see what the server is up to. Go to Start > Run > type in eventvwr and press OK, Event Log will come up, look for any Errors marked as red X's.
What Kolian is referring to are Reservations on DHCP. I use those for my servers and for the 2 machines I use for RDP and PCAnywhere. On a large network with lots of traffic or Clustering, 2 NICs might be preferred, but for a smaller one, you won't see any speed difference IMHO. I'm all for using the KISS method.
I suggest running DHCP and DNS on your primary domain controller.